search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pylibsmb: Return reparse_tag from directory listing
[Samba.git] / testprogs / blackbox / test_client_kerberos.sh
blob54554ea32900c2b75ec8641a485ddf0d5faaa29d
1 #!/bin/sh
2 # Blackbox tests for kerberos client options
3 # Copyright (c) 2019 Andreas Schneider <asn@samba.org>
4
5 if [ $# -lt 6 ]; then
6 cat <<EOF
7 Usage: test_client_kerberos.sh DOMAIN REALM USERNAME PASSWORD SERVER PREFIX CONFIGURATION
8 EOF
9 exit 1
10 fi
11
12 DOMAIN=$1
13 REALM=$2
14 USERNAME=$3
15 PASSWORD=$4
16 SERVER=$5
17 PREFIX=$6
18 CONFIGURATION=$7
19 shift 7
20
21 failed=0
22
23 . $(dirname $0)/subunit.sh
24 . $(dirname $0)/common_test_fns.inc
25
26 samba_bindir="$BINDIR"
27 samba_rpcclient="$samba_bindir/rpcclient"
28 samba_smbclient="$samba_bindir/smbclient"
29 samba_smbtorture="$samba_bindir/smbtorture"
30
31 samba_kinit=$(system_or_builddir_binary kinit "${BINDIR}" samba4kinit)
32 samba_kdestroy=$(system_or_builddir_binary kdestroy "${BINDIR}" samba4kdestroy)
33
34 test_rpc_getusername()
35 {
36 eval echo "$cmd"
37 out=$(eval $cmd)
38 ret=$?
39 if [ $ret -ne 0 ]; then
40 echo "Failed to connect! Error: $ret"
41 echo "$out"
42 return 1
43 fi
44
45 echo "$out" | grep -q "Account Name: $USERNAME, Authority Name: $DOMAIN"
46 ret=$?
47 if [ $ret -ne 0 ]; then
48 echo "Incorrect account/authority name! Error: $ret"
49 echo "$out"
50 return 1
51 fi
52
53 return 0
54 }
55
56 test_smbclient()
57 {
58 eval echo "$cmd"
59 out=$(eval $cmd)
60 ret=$?
61 if [ $ret -ne 0 ]; then
62 echo "Failed to connect! Error: $ret"
63 echo "$out"
64 fi
65
66 return $ret
67 }
68
69 test_smbclient_kerberos()
70 {
71 eval echo "$cmd -d5"
72 out=$(eval $cmd)
73 ret=$?
74 if [ $ret -ne 0 ]; then
75 echo "Failed to connect! Error: $ret"
76 echo "$out"
77 return 1
78 fi
79
80 echo "$out" | grep "Doing init for" >/dev/null 2>&1
81 ret=$?
82 if [ $ret -eq 0 ]; then
83 echo "Kinit failed for smbclient"
84 echo "$out"
85 return 1
86 fi
87
88 return 0
89 }
90
91 KRB5CCNAME_PATH="$PREFIX/ccache_client_kerberos"
92 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
93 export KRB5CCNAME
94
95 ### RPCCLIENT (legacy)
96 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c getusername 2>&1'
97 testit "test rpcclient legacy ntlm" \
98 test_rpc_getusername ||
99 failed=$(expr $failed + 1)
100
101 cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --configfile=${CONFIGURATION} -c getusername 2>&1'
102 testit "test rpcclient legacy ntlm interactive" \
103 test_rpc_getusername ||
104 failed=$(expr $failed + 1)
105
106 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --configfile=${CONFIGURATION} -c getusername 2>&1'
107 testit "test rpcclient legacy ntlm interactive with -U" \
108 test_rpc_getusername ||
109 failed=$(expr $failed + 1)
110
111 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
112 testit "test rpcclient legacy kerberos" \
113 test_rpc_getusername ||
114 failed=$(expr $failed + 1)
115
116 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
117 testit_expect_failure "test rpcclient legacy kerberos interactive (negative test)" \
118 test_rpc_getusername ||
119 failed=$(expr $failed + 1)
120
121 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
122 cmd='$samba_rpcclient ncacn_np:${SERVER} -k --configfile=${CONFIGURATION} -c getusername 2>&1'
123 testit "test rpcclient legacy kerberos ccache" \
124 test_rpc_getusername ||
125 failed=$(expr $failed + 1)
126 $samba_kdestroy
127
128 ### RPCCLIENT
129 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
130 testit "test rpcclient ntlm" \
131 test_rpc_getusername ||
132 failed=$(expr $failed + 1)
133
134 cmd='echo ${PASSWORD} | USER=${USERNAME} $samba_rpcclient ncacn_np:${SERVER} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
135 testit "test rpcclient ntlm interactive" \
136 test_rpc_getusername ||
137 failed=$(expr $failed + 1)
138
139 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c getusername 2>&1'
140 testit "test rpcclient ntlm interactive with -U" \
141 test_rpc_getusername ||
142 failed=$(expr $failed + 1)
143
144 cmd='$samba_rpcclient ncacn_np:${SERVER} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c getusername 2>&1'
145 testit "test rpcclient kerberos" \
146 test_rpc_getusername ||
147 failed=$(expr $failed + 1)
148
149 cmd='echo ${PASSWORD} | $samba_rpcclient ncacn_np:${SERVER} -U${USERNAME} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
150 testit_expect_failure "test rpcclient kerberos interactive (negative test)" \
151 test_rpc_getusername ||
152 failed=$(expr $failed + 1)
153
154 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
155 cmd='$samba_rpcclient ncacn_np:${SERVER} --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c getusername 2>&1'
156 testit "test rpcclient kerberos ccache" \
157 test_rpc_getusername ||
158 failed=$(expr $failed + 1)
159 $samba_kdestroy
160
161 ### SMBTORTURE (legacy)
162
163 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
164 testit "test smbtorture legacy default" \
165 test_rpc_getusername ||
166 failed=$(expr $failed + 1)
167
168 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
169 testit "test smbtorture legacy ntlm (kerberos=no)" \
170 test_rpc_getusername ||
171 failed=$(expr $failed + 1)
172
173 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
174 testit "test smbtorture legacy kerberos=yes" \
175 test_rpc_getusername ||
176 failed=$(expr $failed + 1)
177
178 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
179 cmd='$samba_smbtorture -k yes --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
180 testit "test smbtorture legacy kerberos=yes ccache" \
181 test_rpc_getusername ||
182 failed=$(expr $failed + 1)
183 $samba_kdestroy
184
185 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
186 cmd='$samba_smbtorture -k no --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
187 testit_expect_failure "test smbtorture legacy kerberos=no ccache (negative test)" \
188 test_rpc_getusername ||
189 failed=$(expr $failed + 1)
190 $samba_kdestroy
191
192 ### SMBTORTURE
193
194 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
195 testit "test smbtorture default" \
196 test_rpc_getusername ||
197 failed=$(expr $failed + 1)
198
199 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
200 testit "test smbtorture ntlm (kerberos=no)" \
201 test_rpc_getusername ||
202 failed=$(expr $failed + 1)
203
204 cmd='$samba_smbtorture -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
205 testit "test smbtorture kerberos=yes" \
206 test_rpc_getusername ||
207 failed=$(expr $failed + 1)
208
209 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
210 cmd='$samba_smbtorture --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
211 testit "test smbtorture kerberos=yes ccache" \
212 test_rpc_getusername ||
213 failed=$(expr $failed + 1)
214 $samba_kdestroy
215
216 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
217 cmd='$samba_smbtorture --use-kerbers=required --configfile=${CONFIGURATION} --maximum-runtime=30 --basedir=$PREFIX --option=torture:progress=no --target=samba4 ncacn_np:${SERVER} rpc.lsa-getuser 2>&1'
218 testit_expect_failure "test smbtorture kerberos=no ccache (negative test)" \
219 test_rpc_getusername ||
220 failed=$(expr $failed + 1)
221 $samba_kdestroy
222
223 ### SMBCLIENT (legacy)
224 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --configfile=${CONFIGURATION} -c "ls; quit"'
225 testit "test smbclient legacy ntlm" \
226 test_smbclient ||
227 failed=$(expr $failed + 1)
228
229 cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --configfile=${CONFIGURATION} -c "ls; quit"'
230 testit "test smbclient legacy ntlm interactive" \
231 test_smbclient ||
232 failed=$(expr $failed + 1)
233
234 cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --configfile=${CONFIGURATION} -c "ls; quit"'
235 testit "test smbclient legacy ntlm interactive with -U" \
236 test_smbclient ||
237 failed=$(expr $failed + 1)
238
239 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} -k --configfile=${CONFIGURATION} -c "ls; quit"'
240 testit "test smbclient legacy kerberos" \
241 test_smbclient ||
242 failed=$(expr $failed + 1)
243
244 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
245 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -k --configfile=${CONFIGURATION} -c "ls; quit"'
246 testit "test smbclient legacy kerberos ccache" \
247 test_smbclient ||
248 failed=$(expr $failed + 1)
249 $samba_kdestroy
250
251 ### SMBCLIENT tests for --use-kerberos=desired|required|disabled
252 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
253 testit "test smbclient ntlm" \
254 test_smbclient ||
255 failed=$(expr $failed + 1)
256
257 cmd='echo ${PASSWORD} | USER=$USERNAME $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
258 testit "test smbclient ntlm interactive" \
259 test_smbclient ||
260 failed=$(expr $failed + 1)
261
262 cmd='echo ${PASSWORD} | $samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME} --use-kerberos=disabled --configfile=${CONFIGURATION} -c "ls; quit"'
263 testit "test smbclient ntlm interactive with -U" \
264 test_smbclient ||
265 failed=$(expr $failed + 1)
266
267 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=desired --configfile=${CONFIGURATION} -c "ls; quit"'
268 testit "test smbclient kerberos=desired" \
269 test_smbclient_kerberos ||
270 failed=$(expr $failed + 1)
271
272 cmd='$samba_smbclient //${SERVER}/tmp -W ${DOMAIN} -U${USERNAME}%${PASSWORD} --use-kerberos=required --configfile=${CONFIGURATION} -c "ls; quit"'
273 testit "test smbclient kerberos=required" \
274 test_smbclient_kerberos ||
275 failed=$(expr $failed + 1)
276
277 kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
278 cmd='$samba_smbclient //${SERVER}/tmp --use-krb5-ccache=$KRB5CCNAME --configfile=${CONFIGURATION} -c "ls; quit"'
279 testit "test smbclient kerberos=required ccache" \
280 test_smbclient ||
281 failed=$(expr $failed + 1)
282 $samba_kdestroy
283
284 rm -rf $KRB5CCNAME_PATH
285
286 exit $failed
Samba GIT mirror